{"source":1100528,"name":"serve-static","dependency":"serve-static","title":"serve-static vulnerable to template injection that can lead to XSS","url":"https://github.com/advisories/GHSA-cm22-4g7w-348p","severity":"low","versions":["1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.1.0","1.2.0","1.2.1","1.2.2","1.2.3","1.3.0","1.3.1","1.3.2","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.5.0","1.5.1","1.5.2","1.5.3","1.5.4","1.6.0","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.7.0","1.7.1","1.7.2","1.8.0","1.8.1","1.9.0","1.9.1","1.9.2","1.9.3","1.10.0","1.10.1","1.10.2","1.10.3","1.11.0","1.11.1","1.11.2","1.12.0","1.12.1","1.12.2","1.12.3","1.12.4","1.12.5","1.12.6","1.13.0","1.13.1","1.13.2","1.14.0","1.14.1","1.14.2","1.15.0","1.16.0","1.16.1","1.16.2","2.0.0-beta.1","2.0.0-beta.2","2.0.0","2.1.0","2.2.0"],"vulnerableVersions":["1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.1.0","1.2.0","1.2.1","1.2.2","1.2.3","1.3.0","1.3.1","1.3.2","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.5.0","1.5.1","1.5.2","1.5.3","1.5.4","1.6.0","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.7.0","1.7.1","1.7.2","1.8.0","1.8.1","1.9.0","1.9.1","1.9.2","1.9.3","1.10.0","1.10.1","1.10.2","1.10.3","1.11.0","1.11.1","1.11.2","1.12.0","1.12.1","1.12.2","1.12.3","1.12.4","1.12.5","1.12.6","1.13.0","1.13.1","1.13.2","1.14.0","1.14.1","1.14.2","1.15.0"],"cwe":["CWE-79"],"cvss":{"score":5,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},"range":"<1.16.0","id":"VyBBWzRCPk4QPwU71mkZJ+QZdwW0bnbx/lUJDdvhij3t67jGrB4z2A5Ryyta1VjZgpmZ9kuyannc46B7jSSuiQ=="}